struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "CRANFORD, CHRIS" <Chris.Cranf...@setech.com>
Subject HTTP/HTTPS Switch Options
Date Fri, 12 Feb 2010 14:51:54 GMT
 

In our prior Struts 1.x release of our web portal, all connections were
redirected through HTTPS.  Unfortunately, there was a fair amount of
information on the portal which could have easily been served back to
the browser via HTTP rather than using SSL to avoid unnecessary overhead
but at the time the easiest solution was simply to stay HTTPS.  

 

As we've moved to Struts 2.1.x, I'm revisiting alternatives.  Ideally
what I would like to be able to do is secure the authentication process
and then potentially move the session back to HTTP to avoid that
unnecessary overhead.  I've read that you can create a Filter and adjust
the Tomcat cookies that are set, but I was curious if there is a more
elegant and supported way of doing this?  

 

Presently authentication is what I am looking at but down the road,
there may be additional actions that we would want to consider securing
but maintaining the session between both the HTTP and HTTPS states of
the site just to protect the data being sent to and from the browser and
server.

 

Thoughts and suggestions?

 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message